Identity Theft is the fastest growing crime.
Source: U.S. the Federal Trade Commission

9.9 million adults are victims of identity fraud - The number of U.S. identity fraud victims increased 22 percent in 2008 to 9.9 million adults.
Source: Javelin Strategy & Research, February 2009 study

49% of consumers across eight countries would consider switching or definitely switch banks if they or someone they knew was hit by card fraud.
Source: ACI Worldwide - Wednesday, September 16, 2009

Credit card fraud is the number form of Identity Theft and is American's number one fear.
Source: UNISYS Security Index: United States, 4 March 2009 (Wave 4) - Lieberman Research Group)

LexisNexis True Cost of Fraud Study uncovered six key findings:

1) Merchants are paying $100 billion1 in fraud losses due to unauthorized transactions and fees/interest associated with chargebacks, nearly ten times the cost incurred by banks. Far surpassing bank costs of approximately $11 billion in 2008, merchant fraud losses also amounted to more than 20 times the total value of consumer losses (approximately $4.8 billion). Factoring in the additional cost of lost/stolen merchandise, U.S. retail merchants are suffering a total industry-wide fraud loss of $191 billion.

2) One in five merchants experienced an increase in unauthorized transactions associated with identity fraud, which this study attributes to economic conditions and increased criminal sophistication.  Certain merchant segments reveal a higher prevalence of fraudulent transactions such as large e-commerce retailers, of which 40% saw an upsurge.

3) Changing consumer payment methods requires a dynamic fraud management strategy. Credit card crimes continue to rise sharply, but alternative payments represent a troubling new source of losses for large merchants.  Credit cards are linked to nearly half of all fraudulent transactions for all merchants, and 50% of large retailers saw an upsurge in credit card fraud in 2008. Fraudsters are taking note of nontraditional payment methods: 29% of large retailers already reported an increase in alternative payments fraud during 2008.

4) Friendly fraud accounts for more than one-third of the total fraud for online-accepting merchants.  This equates to an average of 0.4% of total annual revenue lost to friendly fraud, whereby a consumer makes an Internet purchase via credit card and issues a chargeback after receiving the purchase.  Friendly fraud represents a growing threat for online-accepting merchants.

5) Merchants show low satisfaction and effectiveness ratings for fraud technology solutions despite increases in the volume of unauthorized transactions and payments fraud.  There’s a silver lining to this cloud: Merchants have an opportunity to assess the cost-effectiveness of the latest fraud-fighting technologies and apply improvements to existing solutions based on benchmarking data provided in this report.

6) Retail merchants seek more education and improved industry standards as they battle the cost of fraud.  One in two merchants see education as their greatest need in reducing fraud, and nearly four in ten merchants identified industry standards. This study allows merchants to compare strengths and vulnerabilities by size, payment method/channel, industry segment and other key areas.

Source: The 2009 LexisNexis True Cost of Fraud Study

 

****************************************************************

Year    Breaches  Records exposed
2005   157            66,853,201
2006   321            19,137,844
2007   446            127,717,240
2008   656            35,691,255
2009* 444            222,077,187

* as of Nov. 24, 2009
Source: Identity Theft Resource Center

 

****************************************************************

 

Date: 4 December 2009

Bank Phishing Attacks Snare Few Victims But Tally Major Damage

Trusteer, which gathers phishing intelligence via its Rapport browser security plug-in, found only:

  • 0.47 percent of a bank's customers fall prey to phishing attacks each year
    the bad guys typically make about $2,000 on each customer's account they compromise
  • Each phishing attack compromised about 0.000564 percent of online banking customers, and 45 percent of them who were redirected to a phishing Web page gave up their online credentials
  • The report found that each bank was targeted on average by 16 phishing Websites a week, which comes out to 832 phishing attacks per year per brand
  • When compared to the Anti-Phishing Working Group estimates that the average number of phishing URLs per brand in June was 190, Trusteer concluded that only one of 2.7 phishing URLs reaches its intended target.

Source: http://darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=222000597

 

****************************************************************

U.S. Card Fraud Costs Industry Roughly $8.6 Billion Annually: Report

PaymentsSource | Tuesday, January 26, 2010

 

By Meghan Boyer

Card-fraud costs the U.S. payments industry, including issuers, merchants and acquirers, an estimated $8.6 billion per year, according to a recent report from Aite Group LLC, a Boston-based consulting firm. However, fraud amounts to only 0.4% of the estimated $2.1 trillion in U.S. card volume annually, according to the report “Card Fraud in the United States: The Case for Encryption.” Aite interviewed more than 30 fraud-management professionals for the report.

While card-fraud losses represent a small percentage of overall card volume, “this remains a troubling area for the industry due to the volatile nature of fraud,” notes Adil Moussa, Aite analyst and author of the report. As the industry prevents fraud in one area, “it will inevitably pop up in a less-protected area,” he says.

The largest category for U.S. card fraud is first-party fraud committed by crooks pretending to be legitimate cardholders or by legitimate cardholders who decide not to pay off their balances. First-party fraud represents between 7% and 10% of overall issuer charge-offs, according to the report.

The three main forms of third-party fraud in the U.S. are card-not-present, counterfeit and lost-and-stolen data fraud, representing roughly 15% of overall card fraud per category, according to the report. ID theft and non-receipt fraud account for 1.5% and 0.3% of card fraud respectively.


****************************************************************

Credit Card Fraud Most Common Identity Theft

Nine percent of U.S. residents have been affected by identity theft, according to a study of 156,000 consumers by the Ponemon Institute. The survey found that the most common form of identity theft was credit card fraud. One-third of the survey's respondents said that they became identity theft victims after a family member stole their personal ID credentials, while 11 percent said they were victimized after a health care provider or insurer lost their personal information. The consumers who became victims of identity theft as the result of a medical data breach lost an average of more than $20,000, the study found. Of the consumers who said they had been victims of identity theft, 40 percent said they learned about the crime when they received collection letters from creditors. The study also found that nearly half of identity theft victims did not report the crime to law enforcement, usually because they knew the person who stole their identity.

From "Survey: 9 Percent Have Experienced ID Theft"
BankInfoSecurity.com (03/08/10) Anderson, Howard

****************************************************************

Web Banking Fraud Totaled $120M in Third Quarter - 2008

Cybercriminals stole more than $120 million through online banking fraud in the third quarter of last year, reports the Federal Deposit Insurance Corp. (FDIC). Much of the fraud occurred after users were tricked into visiting malicious Web sites or downloading Trojan horses that enabled cybercriminals to steal online banking passwords, says the FDIC's David Nelson. Cybercriminals then transfer money out of the victim's account via the Automated Clearing House (ACH) system. Nelson says that such attacks on commercial deposit accounts have been particularly costly for small businesses and nonprofit organizations, since the accounts do not have the same reimbursement protections that consumer accounts have. Compounding the problem is the fact that small businesses usually do not have controls in place to prevent unauthorized ACH payments, even when they have access to such controls through their banks. As a result, small businesses lost $25 million as the result of online ACH and wire transfer fraud in the third quarter of 2009, Nelson says.

****************************************************************

A study released this year (2010) by SpiderLabs, a part of the data-security consulting company Trustwave, found that 38 percent of the credit card hacking cases last year involved the hotel industry. The sector was well ahead of the financial services industry (19 percent), retailing (14.2 percent), and restaurants and bars (13 percent).